Up until now, this test was written incorrectly. In addition, when it has
failed, it simply prints error messages rather than reporting that the test
failed. This fixes both of these problems.
- when no credentials are passed it will try to get valid credentials
using the google metadata service
- this is a feature of the google SDK, so we don't need to handle that
explicitly
- previous behaviour with a credentials file is retained
This changes the apache plugin behaviour to only parse enabled configuration files and respecting the --apache-vhost-root CLI parameter for new SSL vhost creation. If --apache-vhost-root isn't defined, or doesn't exist, the SSL vhost will be created to originating non-SSL vhost directory.
This PR also implements actual check for vhost enabled state, and makes sure parser.parse_file() does not discard changes in Augeas DOM, by doing an autosave.
Also handles enabling the new SSL vhost, if it's on a path that's not parsed by Apache.
Fixes: #1328Fixes: #3545Fixes: #3791Fixes: #4523Fixes: #4837Fixes: #4905
* First changes
* Handle rest of the errors
* Test fixes
* Final fixes
* Make parse_files accessible and fix linter problems
* Activate vhost at later time
* Cleanup
* Add a new test case, and fix old
* Enable site later in deploy_cert
* Make apache-conf-test default dummy configuration enabled
* Remove is_sites_available as obsolete
* Cleanup
* Brought back conditional vhost_path parsing
* Parenthesis
* Fix merge leftovers
* Fix to work with the recent changes to new file creation
* Added fix and tests for non-symlink vhost in sites-enabled
* Made vhostroot parameter for ApacheParser optional, and removed extra_path
* Respect vhost-root, and add Include statements to root configuration if needed
* Fixed site enabling order to prevent apache restart error while enabling mod_ssl
* Don't exclude Ubuntu / Debian vhost-root cli argument
* Changed the SSL vhost directory selection priority
* Requested fixes for paths and vhost discovery
* Make sure the Augeas DOM is written to disk before loading new files
* Actual checking for if the file is parsed within existing Apache configuration
* Fix the order of dummy SSL directives addition and enabling modules
* Restructured site_enabled checks
* Enabling vhost correctly for non-debian systems
* fix dns-rfc2136 plugin not respecting cnames
The plugin does not work if the domain of a certificate is found to have a cname record in dns.
That is because when plugin tries to find zone boundary, it searches from the domain up for the SOA record, and each DNS response is checked for the answer being empty, assuming that empty answer means no SOA record is present and the higher level domain has to be checked, and non empty answer section means that this domain is a zone root.
However, if the initial domain, or any upper level domain except the zone root has a cname record pointing to the zone root, then the server will, instead of returning an empty answer, return one containing two records, first a cname pointing to the zone root, then the SOA record of zone root, and that will make the check fail and use a wrong domain as a zone name during update.
Fix that by replacing a check for empty answer with explicitly searching in response's answer section for a SOA record matching the domain that is being checked.
* dns-rfc2136: fix lint errors
Also, switch timeout to 30 so it has every opportunity to actually work, even in bad network weather. (I posit that people are used to 30-second timeouts.)
Stop catching URLError explicitly, since it's a subclass of the already-caught IOError.
* Enhancement #4435. Organizing defaults in prepare_and_parse_args()
* Playing fast and loose with tox.
Discovered screwy case involving flag_default returning empty list (domains)
* Setting defaults for more low-hanging fruit. Some caveats remain.
* key_path default to None
* Applying PR feedback: explicit defaults even where redundant
* Obsessive quote consistency
* Set testing config path arguments to a 'certonly' default
* Copy the default domains list rather than get reference
* Build a testing Config from CLI_DEFAULTS
* Update some email tests for use with defaults in config.
config.email and config.noninteractive_mode in these tests
used to be magic-mock'd, so were True-ish. The default
email is now None and default noninteractive_mode is
False, so update in tests accordingly.
* Lint...
* Copy anything retrieved using flag_defaults. Apply this to test_cli_ini_domains too.
* Put those quotes back. Backslashes are just the worst.
* Remove vestigial line
* A test to ensure no regressions around modifying CLI_DEFAULTS
* certbot: Let plugins_cmd be run as un-priviliged user.
* certbot/main.py (main): Update function.
Addresses issue #4350.
* * Add test certbot.tests.main_testMainTest.test_plugins_no_args_unpriviliged
* prevent regressions of #5082
* Fix test_leauto_upgrades.sh
test_leauto_upgrades.sh has been incorrectly been succeeding because while peep
doesn't work with newer versions of pip and letsencrypt-auto would crash,
the output included the version number so we reported the test as passing.
This updates letsencrypt-auto to the oldest version that still works for the
purpose of the test and sets pipefail so errors are properly reported.
* Test symlink creation in test_leauto_upgrades.sh
* Pin dependencies in test_sdists.sh.
* Fix permissions errors in test_tests.sh
Now we always check if we have root access if --cb-auto-has-root is not given
on the command line. This allows certbot-auto to properly acquire root when
upgrading from an older version. People upgrading from 0.18.0 to 0.18.1 may
check for root access twice, however, if root's user ID is 0, this check is
essentially a noop. If root's user ID is not 0, we'll request root access a 2nd
time during this upgrade.
* Rename plugins.common.install_ssl_options_conf to plugins.common.install_version_controlled_file
* Install ssl_dhparams file
* Add installation test
* Add ssl_dhparam option when making a server block ssl
* add install_ssl_dhparams to Installer common plugin class
* Remove redundant code and tests
* update MANIFEST.in
* Addressing #4071 Wrote an ImmutableReturnMixin to prevent developers overriding return_value in certain Mock objects
* Language
* Loosening the assumption that underlying _mock objects need to be Immutable-like simplifies implementation
* Addressing #4071
* Ensure side_effects and return_values are pushed down to the underlying _mock in FreezableMocks. And IDisplay mocks are no longer frozen in _create_get_utility_mock()
* Edit a handful of tests to not override the mock_get_utility return_value
* Brief explainer of FreezableMock.__setattr__
* Incorporating PR feedback and some compatibility
* FreezableMock __getattr__ needs a shortcut in case of return_value or side_effect
* Changing return_value only forbidden if set before freezing
* Remove unnecessary else block
* Expanded doc strings
* Bring a couple new tests in line with patch_get_utility() norms
* Add installer class
* Add wrapped reverter methods to common.Installer.
* Use Installer class in Apache plugin
* Use Installer class in Nginx plugin
* Don't create reverter in Apache and Nginx plugins
* Add version number to bootstrap scripts.
* Always determine Bootstrap function and version.
* Write bootstrap version into venv.
* Add PrevBootstrapVersion function.
* Add OS bootstrapping check to phase 2.
* Differentiate -n and renew when rebootstrapping.
* Quote all environment variables.
* Correct test condition
* Add loud warning about hardcoded version list.
* s/VENV_BOOTSTRAP_VERSION/BOOTSTRAP_VERSION_PATH
* Properly handle noop bootstrap functions.
